package com.chinapost.util;

import javax.servlet.http.HttpSession;

import org.apache.commons.lang3.StringUtils;

import com.chinapost.vo.SessionInfo;

public class AuthUtil {
	
	private HttpSession session;

	public AuthUtil(HttpSession session) {
		this.session = session;
	}

	/**
	 * 判断是否授权访问，是否显示按钮
	 * @param url
	 * @return
	 */
	public boolean isAuth(String url) {
		SessionInfo sessionInfo = (SessionInfo) session.getAttribute(ConfigUtil.getSessionInfoName());
		//admin用户不判断权限
		if (sessionInfo.getLoginName().equals("admin")) {
			return true;
		}
		String authUrls = sessionInfo.getResourceUrls();
		for (String u : authUrls.split(",")) {
			if (StringUtils.equals(u, url)){
				return true;
			}
		}
		return false;
	}
	
	/**
	 * 判断是否admin用户
	 * @return
	 */
	public boolean isAdmin(){
		SessionInfo sessionInfo = (SessionInfo) session.getAttribute(ConfigUtil.getSessionInfoName());
		//admin用户不判断权限
		if (sessionInfo.getLoginName().equals("admin")) {
			return true;
		}
		return false;
	}
}
